Since last fall, I’ve been going to Denver University for my EMBA program. This quarter a team of us were to present a paper and as it turned out, our topic was privacy. Even though the topic was broader and we were required to cover many other aspects of privacy as – workplace privacy, citizen privacy, privacy laws and statues in the country and so forth, we found it interesting to add in a piece for consumer privacy. As part of our class presentation, we picked a fellow student (hey Toby!) and simply by knowing his name, in less than 5 minutes, we were able to find his:
- Date of Birth
- Home Address
- Phone number
- Home Price
- Cars that he drive
- Previously known home addresses
- Wife’s name
- Relatives names
- Mortgage info
- Employer Info
- School Info
- Pictures of him and his family
Here are some of sites that we used to get this information:
- http://<respective county website>
And interestingly enough, while doing so we didn’t break any laws (nor did we spend any money – a lot more is apparently available for $9.95).
Now…in the past few years I have spent decent amount of time going through the use cases around user’s personal information especially date of birth. Should we exchange ‘DOB’ or ‘Age’ or simply the claim that the user is ‘over 21′. I have read and articulated many times, Kim’s Laws of Identity and why user control and consent should be required and why RPs should respect the ‘minimal disclosure for a constrained use’.
However, I’m wondering the practicality of it. The privacy statement at the home page of http://www.birthdatabase.com interestingly states that “Our birthday data is obtained from public records and available to anyone with a simple knowledge of public record access.” If all of my information is publicly available anyway,what’s point of splitting hairs on what part of information should be shared. It’s not like it’s even possible to hide my age from anyone….and do I really care for the control and consent of the information on a per RP basis – information that’s available publicly for everyone.
A while back, Sun’s CEO Scott McNealy made a statement “You have zero privacy anyway, Get over it”. As much as I appreciate the thinking behind some of the identity laws, I can’t help agreeing with the sentiment that argues ‘Get over it’.
Now if the information is indeed protected by law, that changes things. But for everything else, why bother?
Here are some of the slides that were used in our class presentation.